Millions of IoT devices enlisted into DDoS bots with Bashlite malware

A family of malware targeting Internet of Things (IoT) devices to create distributed denial of service (DDoS) botnets has been detected by Level 3 Threat Research Labs working with Flashpoint.

The malware has a number of names – Lizkebab, Bashlite, Torlus, gafgyt – and its impact is far-ranging, according to the report.

The source code, first leaked in early 2015, is written in C, making it suitable for IoT devices based in Linux. Bad actors have already seeded more than a dozen iterations and a million devices have been enlisted in the bots, particularly active in Taiwan, Brazil and Colombia.

Most of the devices use components from Dahua Technology, a China-based manufacturer of surveillance equipment and software. Dahua was notified and is developing a patch.

"The security of IoT devices poses a significant threat," the researchers concluded. "Vendors of these devices must work to improve their security to combat this growing threat."